SYSLOG: CheckPoint Syslogd Escape Characters
This signature detects attempts to exploit a known vulnerability in the syslog daemon in Check Point VPN-1/FW-1 NG FP3. The syslog daemon redirects incoming syslog messages from remote devices (routers) to the SmartTracker logging mechanism. Attackers can remotely crash the syslog daemon, which must be restarted manually.
Extended Description
Remote attackers could exploit this vulnerability to conduct a variety of attacks, such as view log files, start a denial of service attack, execute arbitrary commands, and modify files and data.
References
URL: http://www.aerasec.de/security/index.html?id=ae-200303-064
Short Name
SYSLOG:CP-SYSLOGD-ESC
Severity
Minor
Recommended
False
Recommended Action
None
Category
SYSLOG
Keywords
Characters CheckPoint Escape Syslogd
Release Date
05/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3324
False Positive
Unknown